GHSA-x65v-g96x-c6gw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x65v-g96x-c6gw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-x65v-g96x-c6gw/GHSA-x65v-g96x-c6gw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x65v-g96x-c6gw
- Aliases
-
- CVE-2025-29315
- Published
- 2025-03-24T21:30:34Z
- Modified
- 2025-03-26T20:18:23.261430Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request
- Details
-
An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request.
- Database specific
{ "nvd_published_at": "2025-03-24T21:15:18Z", "cwe_ids": [ "CWE-284" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2025-03-26T19:48:26Z" }- References
Affected packages
Maven / org.opendaylight.sfc:sfc-parent
Package
- Name
- org.opendaylight.sfc:sfc-parent
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opendaylight.sfc/sfc-parent
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.10.4
Affected versions
0.*
0.0.1-Helium
0.0.2-Helium-SR1
0.0.2-Helium-SR1.1
0.0.3-Helium-SR2
0.0.4-Helium-SR3
0.0.5-Helium-SR4
0.1.0-Lithium
0.1.1-Lithium-SR1
0.1.2-Lithium-SR2
0.1.3-Lithium-SR3
0.1.4-Lithium-SR4
0.2.0-Beryllium
0.2.1-Beryllium-SR1
0.2.2-Beryllium-SR2
0.2.3-Beryllium-SR3
0.2.4-Beryllium-SR4
0.3.0-Boron
0.3.1-Boron-SR1
0.3.2-Boron-SR2
0.3.3-Boron-SR3
0.3.4-Boron-SR4
0.5.0-Carbon
0.5.1-Carbon
0.5.2-Carbon
0.5.3-Carbon
0.5.4-Carbon
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.8.2
0.8.3
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4